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(54) Biometric authentication device 

(57) A biometric authentication device provided for 
managing access to at least one entity, said device be- 
ing connectable to a database storing biometric tem- 
plates, said device comprising a set of bio-engines and 
a data capture unit provided to collect life biometric data, 
each of said bio-engines being provided for performing 
a dedicated biometric authentication operation with said 
biometric templates and said life biometric data and for 
generating a score as a result of said authentication op- 
eration, said device comprises a decision unit operating 
according to a master-slave relationship, wherein said 



decision unit being the master, said decision unit being 
provided for receiving each of said scores and for as- 
signing a respective weight factor to each of said scores 
and forming a set of weighted scores therewith, said de- 
cision unit being further provided for combining said 
weighted scores and generating a verified score there- 
with, said decision unit being also provided for compar- 
ing said verified score with a threshold value and for 
generating an access enable signal as a result of a pos- 
itive comparison and an access refusal signal as a result 
of a negative comparison. 
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Description 

[0001] The present invention relates to a biometric au- 
thentication device provided for managing access to at 
least one entity, said device being operatively connect- 
able to a database provided for storing biometric tem- 
plates, said device comprising a set of bio-engines each 
having an input for receiving said biometric templates 
and life biometric data originating from a data capture 
unit provided to collect life data, each of said bio-en- 
gines being provided for performing a dedicated biomet- 
ric authentication operation with said biometric tem- 
plates and said life biometric data and for generating a 
score as a result of said authentication operation. 
[0002] Biometric authentication devices are known 
and their use is for example described in the article "Per- 
son authentication by fusing face and speech informa- 
tion* written by B. Due, G. MaTtre, S. Fischer and J. 
Bigun and presented on the First International Confer- 
ence AVBPA in Crans-Montana in March 1997 (p. 
311-318). Biometrics is a science of measuring unique 
physical or behavioural characteristics such as the pat- 
tern of the voice of a person, or the micro-visual pattern 
of his retina, the tiny swirls etched in the skin of his fin- 
gertip, this facial appearance etc. Biometric authentica- 
tion is used to manage access to an entity such as for 
example an office or a room, a bank account, a compu- 
ter or a network, etc. The biometric data of one or more 
persons is stored in a database to which the bio-engines 
performing the biometric authentication have access. 
Data capture units such as for example a camera, a fin- 
gerprint scanner or a microphone collect the life biomet- 
ric data from the person who want to get access to the 
entity protected by the biometric authentication device. 
The bio-engines perform than authentications and issue 
a score. If the score is above the predetermined thresh- 
old the person will get access to the entity. If the score 
is below the threshold access will be refused. The bio- 
engines are provided for a dedicated biometric authen- 
tication, i.e. there is a bio-engine for voice authentica- 
tion, one for the fingerprint, another for the facial appear- 
ance etc. Each bio-engine generates its own score in- 
dependent of the other engines. 
[0003] Operating with a single bio-engine has a major 
drawback because the life biometric data of the person 
such as collected by the data capture unit can change. 
So for example a person having a cold will have his voice 
sound differently such that the bio-engine performing 
the voice authentication will issue a tower score which 
could lead to an access refusal. This could be solved by 
lowering the threshold. However lowering the threshold 
leads to an increase of false acceptance which for cer- 
tain secure applications is unacceptable. Therefor at- 
tempts have been made to combine the outputs of sev- 
eral bio-engines such as described in the referred arti- 
cle. 

[0004] A drawback of the known devices where the 
output of several biometric engines are combined is that 
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they do not enable a true combination of the scores as 
each bio-engine continues to operate on its own by gen- 
erating its own decision based on its internal score. 
[0005] It is an object of the invention to realise a bio- 

5 metric authentication device enabling a true combina- 
tion of the scores of the different bio-engines. 
[0006] A biometric authentication device according to 
the present invention is therefor characterized in that 
said device comprises a decision unit connected to said 

10 bio-engines and operating according to a master-slave 
relationship, wherein said decision unit being the mas- 
ter, said decision unit being provided for receiving each 
of said scores and for assigning a respective weight fac- 
tor to each of said scores and forming a set of weighted 
scores therewith, said decision unit being further provid- 
ed for combining said weighted scores and generating 
a verified score therewith, said decision unit being also 
provided for comparing said verified score with a thresh- 
old value and for generating an access enable signal as 

20 a result of a positive comparison and an access refusal 
signal as a result of a negative comparison. The master- 
slave governing the relationship between the decision 
unit and the bio-engines enables such a true combina- 
tion as the bio-engines scores are weighted by the de- 

25 cision unit. If one score is for example below the thresh- 
old whereas the others are above their respective 
thresholds, the decision unit can reduce the impact of 
such a bio-engine by assigning a low weight factor. As 
the decision unit has the scores of the different bio-en- 

30 gjnes a relative weighing of the different scores be- 
comes possible. The decision to enable or not access 
to the entity is thus no longer based on a combination 
of the individual outputs of the different bio-engines, but 
on a combination of the scores realised by the decision 

3S unit. 

[0007] A first preferred embodiment of a biometric au- 
thentication device according to the invention is charac- 
terized in that the decision unit is connected with a first 
bio-decision engine which is provided for executing a 

40 serial combinatorial operation with the scores generated 
by at least one of said bio-engines, said first bio-decision 
engine being provided to operate as a slave from said 
decision unit. This enables to have each individual bio- 
engine performing several authentication operations 

45 and to serially combine the scores issued by a same 
bio-engine. 

[0008] A second preferred embodiment of a biometric 
authentication device according to the invention is char- 
acterized in that the decision unit is connected with a 

50 second bio-decision engine, which is provided for exe- 
cuting a parallel combinatorial operation with the scores 
generated by at least one of said bio-engines, said sec- 
ond bio-decision engine being provided to operate as a 
slave from said decision unit. This enables to have each 

55 individual bio-engine performing several authentication 
operations and to combine in parallel the scores issued 
by a same bio-engine. 

[0009] A third preferred embodiment of a biometric 
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authentication device according to the invention is char- 
acterised in that said decision unit is provided tor gen- 
erating a control signal when said verified score is below 
said threshold, said decision unit being further provided 
for determining a set of further weight factors under con- 
trol of said control signal and assigning them to said 
scores and generating a further verified score therewith. 
This enables to reconsider the authentication operation 
if one of the scores was insufficient for example due to 
particular circumstances such a user having a bad voice 
quality due to a cold. 

[0010] A fourth preferred embodiment of a biometric 
authentication device according to the invention is char- 
acterized in that said further weight factors and said 
weight factors each time satisfy a predetermined rela- 
tionship. The weight factors are thus normalized which 
facilitates the calculation and keeps the verified score 
reliable. 

[001 1] Preferably said decision unit comprises a core 
server which is provided for generating said verified 
score and executing said comparison. This facilitates 
the architectural structure of the device. 
[0012] Preferably characterized in that said decision 
unit comprises a module manager which is provided for 
managing data traffic between said bio-engines and 
said core server. An improved architecture for the data 
traffic is thus obtained. 

[001 3] Preferably said data capture unit is connected 
to an interface to which a feature module is connected, 
said feature module being provided for input of client 
dedicated features. The end user can in such a manner 
supply his own particular features to the device, such as 
for example those relating to a particular group of users 
or relating to particularities of individual users. 
[001 4] A fifth preferred embodiment of a biometric au- 
thentication device according to the invention is charac- 
terized in that said biometric templates are stored in a 
memory formed by either a smartcard, a harddisk, a 
EEPROM or a flash memory. In particular when a smart- 
card is used, the biometric templates of the owner are 
stored thereon and there is no need to let them travel 
over a publicly accessible network. 
[0015] A sixth preferred embodiment of a biometric 
authentication device according to the invention is char- 
acterized is that said decision unit is connected to a self 
learning module which is provided for substituting into 
said database a biometric template by a life biometric 
data under control of a second control signal generated 
by said decision unit upon detection of a score issued 
by a bio-engine which is higher than a further predeter- 
mined threshold value. This enables to up-date the bio- 
metric templates and thus to improve the reliability of 
the access monitoring. 

[0016] A seventh preferred embodiment of a biomet- 
ric authentication device according to the invention is 
characterized in that said decision unit is connected to 
an environmental module which is provided for gener- 
ating a trigger signal, said decision unit being provided 



to modify the weight factors under control of said trigger 
signal This enables to take into account environmental 
conditions such as background noise or high or pour 
light intensity. 

5 [0017] The invention will now be described in more 
details by means of the drawings showing a preferred 
embodiment of a device according to the invention. In 
the drawings : 

10 Figure 1 illustrates the relation between a False Ac- 
cept Rate and a False Reject Rate; 

Figure 2 illustrates serial operating bio-engines; 

Figure 3 illustrates parallel operating bio-engines; 

Figure 4 illustrates a combination of parallel and se- 
is rial operating bio-engines; 

Figure 5 illustrates a set-up of different bio-engines 

according to the state of the art; 

Figure 6 illustrates the principle of a threshold in a 

bio-engine; 

20 Figure 7 illustrates schematically a set-up of a bio- 
metric authentication device according to the 
present invention; 

Figure 8 illustrates the architecture of a biometric 
authentication device according to the present in- 
25 vention; and 

Figure 9 illustrates schematically the operation of a 
biometric authentication device according to the 
present invention. 

30 [0018] In the drawings a same reference sign has 
been assigned to a same or analogous element. 
[0019] In biometrics a distinction is made between a 
■client", who should be recognised as somebody having 
access to the protected entity and an 'impostor' who is 

35 someone pretending to be someone else and who 
should not have access. The protected entity can be a 
room, an office, a bank account, a computer system, a 
network etc. 

[0020] The False Acceptance Rate (FAR) gives the 
40 percentage of falsely accepted impostors 

P AR _ total number of falsely accepted impostors 
total number of impostors tested 

45 [0021] The False Rejection Rate (FRR) gives the per- 
centage of falsely rejected clients. 

Frr - total number of falsely rejected clients 
total number of clients tested 

50 

[0022] The Equal Error Rate (EER) is the percentage 
corresponding to the threshold level for which the FAR 
and FRR are equal. Figure 1 illustrates the relation be- 
tween FAR and FRR. FAR and FRR are inversely pro- 
55 portional as illustrated. The technology tries to lower the 
EER which is the cross point between the FAR - FRR 
curve and the curve y = x. To lower the EER it is neces- 
sary to lower the values of FAR and FRR This can be 
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obtained by increasing the number of biometric authen- 
tications. 

[0023] Authentication signifies the general process of 
verifying the identity claimed by the user. Authentication 
thus covers as well a authentication process, which is a 
one to one process, as an identification process, which 
is a one to many process. Identification answers the 
question "Who is trying to get in ?, whereas authentica- 
tion answers the question "Is that really Mr. Jones trying 
to get in ?" Biometric authentication is used as a general 
term for a process of checking ones identity by biometric 
technology. 

[0024] A first possibility for increasing the number of 
biometric authentications is to serially combine the bio- 
metric authentication operations such as illustrated in 
figure 2. Suppose that two biometric authentication op- 
erations are performed, one by bio-engine A which per- 
forms a voice authentication and one by bio-engine B 
which performs face authentication. The serial combi- 
nation starts with the first bio-engine generating a score 
Sva. 

[0025] Due to the serial arrangement the second bio- 
engine B can only generate a score Svb if the first bio- 
engine has generated a positive score, i.e. if the first 
authentication was successful. The FAR S of the whole 
system is determined by : 

FAR S = FAR A X FAR B 

The FRR S of the system is determined by 

FRR S = FFR A + (1 - FRR A ) X FRR B 

By way of example suppose now 

EER A = 5 % and EER B = 2 % 

Suppose also that both bio-engines will operate at a 
threshold where the EER is obtained. The threshold be- 
ing the value of the score such as generated by the bio- 
engine at which a positive result i.e. access enabled, is 
generated. So FAR A = FRR A = 5 % and FAR B = FRR B 
= 2%. The serial system will then have the following 
values : 

FAR S = 0.05 x 0.02 = 0.001 or 0.1 % 

FRR S = 0.05 + (1 - 0.05) x0.02 = 0.069 or 6.9 % 

Thus the serial combination offers a better FAR S than 
each individual system but the FRR S has become 
worse. So with a serial combination it is harder to get 
falsely accepted because one has to pass two or more 



authentications, but the probability of being falsely re- 
fused has substantially increased. 
[0026] A second possibility for increasing the number 
of biometric authentications is to combine the biometric 

5 operations in parallel as illustrated in figure 3. In such a 
configuration the user has two attempts which are per- 
formed independently from each other. The acceptance 
of a user by one of the engines will not reroute the au- 
thentication procedure to the other. If a person is not 

10 accepted by one of the engines he could still be accept- 
ed by the other. Combining both systems will provide an 
overall performance with : 



FRR S = FRR A x FRR B 

20 Going back to the example with FAR A - FRR A = 5 % 
and FAR B = FRR B = 2 % the following results are 
obtained : 

FAR- = 0.05 + 0.02 - 0.05 x 0.02 = 
25 s 

0.7 - 0.001 = 0.069 or 6.9 % 
FRR S = 0.05 x 0.02 = 0.001 or 0.1 % 

30 

Thus a parallel combinatorial system has a better FRR S 
than each of the individual system, but the FAR S has 
substantially increased. 

35 [0027] A third possibility for increasing the number of 
biometric authentications is to form a combination of 
both parallel and serial combinations such as for exam- 
ple illustrated in figure 4. Each of the bio-engines per- 
forms in parallel several authentication processes and 

40 the output of the first layer of bio-engines (1 ) (for exam- 
ple the voice authentication) is serially combined to the 
second layer of bio-engines (2) (for example a finger- 
print authentication). With such a set-up a user has three 
attempts with the first layer and if he is successful in one 

45 of those attempts he has again three attempts with the 
second layer. The overall performance of this system is 
now : 



FAR S1 = FAR la + (1-FAR 1a ) x FAR 1b 
+ (1 - FAR 1a ) x (1 - FAR 1b ) x FAR 1C 

FRR S1 = FRR 1a x FRR lb x FRR lc 

FAR S2 = FAR 2a +(1 - FAR 2a ) x FAR^ 



FAR S = FAR A + FAR B - FAR A x FARB B 



25 



30 
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+ (1 - FAR^) x(1 - FAR 2b ) x FAR, 
FRRqo — FRR^ x FRRou x FRR« 



FARqq = FAR Q1 x FAR, 



FARgg = FRR S1 + (1 - FRR S1 ) x FRR^ 
Turning back to the example with FAR 1a1b1c = 

FRR 1a,1b,1c = 5% 

FAR 2a, 2b, 2c ~ FRR 2a,2b, 2c = 2 % 

the following results are obtained. 

FAR— = 0.083 or 0.83% 



FRR ss = 0001 3 or 001 3 % 

This set-up thus provide an overall improvement since 
both the FAR and FRR have better values than the in- 
dividual systems. 

[0028] The theory set out here before shows thus by 
using several layers into an authentication scheme in a 
same session enables the combination of several bio- 
metric results. Figure 5 shows schematically an embod- 
iment according to the state of the art of combining sev- 
eral bio-engines. The illustrated device comprises face 
authentication member 1, a fingerprint authentication 
member 2 and a voice authentication member 3 which 
are all connected to a Local Area Network 4 (LAN). Of 
course other members could be connected to the LAN 
but only three are shown for the sake of clarity. A firewall 
5 protects the LAN from the outside publically accessi- 
ble network 7 to which a netserver 6 is connected. The 
entity 8 to which access has to be managed is for ex- 
ample formed by an entrance door. Each of the mem- 
bers 1 , 2 and 3 operate individually from each other and 
have there own server and their own database in which 
biometric templates are stored. Biometric templates be- 
ing each time formed by a set of data comprising the 
biometric data belonging to one or more clients of which 
the access to the entity has to be controlled and who 
have access to the entity. So for example the biometric 
template of the face of Arthur Jones who has access to 
the building is formed by a set of data identifying the 
face of Arthur Jones. 

[0029] In the device of figure 5 each of the members 
will perform there own authentication process by using 
their own database and own bio-engines and each bio- 
engine will issue a score which will be compared with 



the threshold set in that bio-engine upon initializing that 
bio-engine. If the score of the bio-engine is higher than 
the threshold an acceptance signal will be issued and 
supplied to the LAN, if not a refusal signal is issued and 

5 supplied to the LAN. The score such as issued by the 
bio-engine is not available on the LAN. 
[0030] As already mentioned each bio-engine pro- 
vides a score which is thresholded to come to a decision 
being accept, reject or fuzzy. Each bio-engine has a per- 

10 formance curve that characterizes the technology in- 
volved and which is expressed by the EER. 
[0031] Figure 6 shows a first curve (a) for the bonaf ide 
score and a second curve (b) for the impostor score. 
The vertical line ( c ) illustrates the set threshold value. 

is If the score is higher than the threshold the user is ac- 
cepted, if not he is rejected. In biometrics there is a typ- 
ical trade-off between accepting users and rejecting 
them. Increasing the threshold will lower the false ac- 
cept but will raise the false reject rate. Since biometrics, 

20 by their nature, are not deterministic the score obtained 
by the bio-engines may show variance over time. Typi- 
cally a user either a bonafide or an impostor, will usually 
have a Gaussian distribution around his mean score. 
[0032] Combining different biometrics, each with their 

25 specific FAR, FRR and EER enables to get a better per- 
formance. The biometric authentication device accord- 
ing to the present invention combines the outcome of 
different bio-engines at their result or score level and not 
at the level of the signals as it is the case for the device 

30 shown in figure 5. An example of a biometric authenti- 
cation device according to the present invention is sche- 
matically illustrated in figure 7. The device comprises a 
LAN 10 to which a layered biometric platform 11 is con- 
nected. A firewall 16 is connected between the LAN 10 

35 and the outside network 17 to which a web server 19 
could also be connected. Different client modules 12 (a, 
b, c) can be connected to the platform 11 . So for exam- 
ple module 1 2a is dedicated to particular client features 
for the LAN security, whereas module 12b respectively 

40 1 2c is dedicated to particular client features for the web 
security and physical access to an entity such as a door 
13. The different bio-engines performing the biometric 
authentication operation are now embedded in the plat- 
form. The centralization of all bio-engines 11a, 11b and 

45 tic into one platform enables to centralize the storage 
of the bio-data and templates and to have a common 
logging and archiving environment. The platform has a 
common server operating with a common database 
which is either permanently embedded in the platform 

50 and for example formed by a hard disc or another mem- 
ory, or is formed by a stand alone memory such as for 
example a smartcard which is connectable to the plat- 
form. The server is formed either by a relatively powerful 
computer, as biometric needs an intensive cpu work, or 

55 is formed by different processors provided to operate 
together. 

[0033] Figure 8 illustrates an embodiment of the ar- 
chitecture of the platform and the client module of the 
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biometric authentication device according to the present 
invention. The client module 1 2 comprises one or more 
data capture units 20, depending on the biometric au- 
thentication to be performed. So for example if authen- 
tication is to be performed on the face, the fingerprint 
and the voice, the data capture unit will comprise a cam- 
era, a fingerprint scanner and a microphone. The data 
capture unit is connected with an interface 21 provided 
to process the data captured by the unit 20 into a pre- 
determined format arranged to be processed by the bio- 
engines. A client feature unit 22 is further connected to 
the interface 22 and is provided for input of client dedi- 
cated features. Such features indicate for example par- 
ticularities for certain users (poor quality of the voice, 
etc.) Which can then be taken into account by the de- 
vice. The data provided by the client feature unit 22 is 
also formatted by the interface 21 . 
[0034] The interface 21 is connected to a bio-applica- 
tion program interface 23 which is part of the platform 
11 . This platform comprises a decision unit formed by a 
core server 24 and a module manager 25. The decision 
unit is connected to interface 23. Different bio-engines 
26, 27 and 28 are connected to the decision unit and 
are operating according to a master-slave relationship, 
the decision unit being the master and the bio-engines 
the slaves. The module manager 25 is provided for man- 
aging the data traffic between the core server and the 
bio-engines. Bio-engine 26 executes a voice authenti- 
cation operation and bio-engines 27 and 28 respectively 
execute a face and a fingerprint authentication. Of 
course more than three bio-engines could be available 
and even with two bio-engines the invention could be 
applicable. It should also be noted that the decision unit 
can operate on different operating systems, being Win- 
dows, Unix etc. 

[0035] The decision unit is also connected with a first 
bio-decision engine 29 provided for executing a serial 
combinatorial operation with the scores of at least one 
bio-engine. Bio-decision engine 29 for example can ap- 
ply an AND operation on the scores of bio-engine 26 or 
on the scores of bio-engines 26 and 27. The decision 
unit is further connected with a second bio-decision en- 
gine 30 provided for executing a parallel combinatorial 
operation, i.e. applying an OR operation, with the scores 
of at least one bio-engine. The first and second bio-de- 
cision engines are also slaves for the decision unit. It 
should be noted that the presence of both the first and 
the second bio-decision engines is not absolutely re- 
quired. The device according to the present invention 
could also operate with only one of those bio-decision 
engines or even with none of the bio- decision engines. 
[0036] A data base manager 31 is also connected to 
the decision unit. This data base manager controls the 
data traffic between the decision unit and a database 32 
wherein the biometric templates of the clients are 
stored. A self learning module 33 is further connected 
to the decision unit and is provided for updating the tem- 
plates stored in the data base as a result of one or more 



good scores issued by the bio-engine. Finally an envi- 
ronmental module 34 to which sensors 35 and 36 are 
connected, is connected to the decision unit. The latter 
module is provided for supplying environmental infor- 

5 mation to the decision unit such as for example back- 
ground noise which could adversely affect the signal 
picked up by the microphone, or heavy light intensity 
which could adversely affect the image recorded by the 
camera. The sensors 35 and 36 are then formed by a 

10 dB meter and a light intensity meter and supply their 
measurement values to the environmental module 34. 
The latter then interprets these values and forwards in- 
formation to the decision unit which thereupon can mod- 
ify its decision criteria as will be described hereinafter. 

15 [0037] Before the biometric authentication device ac- 
cording to the present invention is fully operative an in- 
itialisation process is required. The initialisation process 
comprises the loading of the client features by means 
of the client features unit 22. Once loaded they are for- 

20 matted by the interface 22 and forwarded to the decision 
unit (24, 25). The biometric templates of the users also 
have to be created and stored into the database. For 
this purpose each of the users to who access will be 
provided to the entity protected by the device, will have 

2S to present themselves to the data capture unit so that 
the necessary data can be collected to form the tem- 
plates. Once the data capture unit has collected the data 
from the user, this data is formatted into a biometric tem- 
plate according to a predetermined format by the inter- 

30 face 21 and forwarded via the decision unit and the da- 
tabase manager 31 to the database where the template 
is stored. If the database stores the templates of several 
users, a PIN (Personal Identification Number) is as- 
signed to each user and the value of the PIN is stored 

35 in the database together with the templates to which the 
PIN belongs. If a smartcard is used as database the use 
or manual entry of a PIN is not necessarily required as 
the user carries this smartcard with him and only needs 
to insert his smartcard into the device to furnish his tem- 

40 plate and h is supposed identity stored on the smartcard 
to the device. In order to enable a suitable operation of 
the device, it is of course necessary that the templates 
are formatted in a same way as will be the data collected 
by the data capture unit for an authentication operation. 

45 [0038] The initialisation further comprises the initiali- 
sation of the decision unit which is loaded with weight 
factors to be assigned to the scores issued by the bio- 
engines as well as the relationship between those 
weight factors. The threshold value of the device also 

50 has to be set, as this will be dependent of the level of 
security desired. 

[0039] The operation of the biometric authentication 
device according to the invention will now be described 
with reference to a flowchart shown in figure 9. Suppose 
55 a bonafide user wants to get access to an entity protect- 
ed by the biometric authentication device. The user 
presents (40) himself in front of the device and types 
(49) his PIN and/or introduces (41) his smartcard com- 
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prising his templates. The client module 1 2 will open (42, 
45) an authentication session by activating the data cap- 
ture unit 20 and reading the introduced PIN and/or the 
templates available on the smartcard. When a PIN is 
received the template associated to that PIN is read (46) 
in the database and supplied to the database manager 
32. If the PIN is incorrect, which could be the case with 
an impostor or due to an error during typing, an error 
message is generated which can start a retry operation. 
After a predetermined number of retries, for example 
threes the device sends a refusal message and access 
is refused. 

[0040] The data capture unit will capture (43) life bio- 
metric data from the user, for example by letting him say 
a predetermined word, for example his name, recording 
a picture form his face and fingerprint. The captured da- 
ta is formatted (44) by the interface 21 in order to form 
a life biometric database which is the supplied (45) to 
the decision unit. 

[0041] The core server of the decision unit is provided 
to form a decision based on a decision strategy. This 
strategy comprises the processing of the scores such 
as issued by the bio-engines 26, 27 and 28. Suppose 
for example that the Verified Score to be generated by 
the decision unit is formed by : Vs = a + pS f + yS p 
wherein 

Sy : score generated by the bio-engine 26 perform- 
ing the voice authentication 
S f : score generated by the bio-engine 27 perform- 
ing the face authentication 
S p : score generated by the bio-engine 28 perform- 
ing the fingerprint authentication 
and a, p and y being weight factors comprised be- 
tween 0 and 1 and a + p + y = 1 

The scores of the bio-engines being normalized - 1 < S 
<+1 

The decision unit will then issue either an acceptance if 
Vs > Th or a refusal if Vs < Th, where Th is the threshold 
value. The values given here are only given by way of 
example and it will be clear that other values can be 
used as well as other mathematical relationships for Vs 
and for the weight factors. 

[0042] The life biometric data supplied to the decision 
unit is forwarded (47) by using the module manager 25 
to the respective bio-engines. The module manager al- 
so forwards the biometric templates retrieved from the 
data base to the respective bio-engines. So the voice 
template and voice life biometric data is forwarded to 
the bio-engines 26 and respectively the face and the fin- 
gerprint data to the bio-engines 27 and 28 respectively. 
The bio-engines then perform (50) their authentication 
operation on the received data and generate each a re- 
spective score Sy, Sf, S p . 

[0043] Depending on the configuration of the device, 
the module manager sends the scores to the core server 
if only one authentication procedure is necessary, or to 



the bio-decision engines 29 or 30 if serial or parallel 
combinatorial operations are requested (48). In the lat- 
ter case the bio-engines will again perform one or more 
authentication operations in function of how much at- 
5 tempts are involved in the serial an/or parallel combina- 
torial operation. In case of combinatorial operations the 
module manager preferably supplies new life biometric 
data captured by the data capture unit. The bio-decision 
engines then perform (51 ) their combinatorial operation 
on the scores of the bio-engines and determine a value 
for S v , S f and S p which is supplied via the module man- 
ager to the core server. 

[0044] Once the core server has received the score 
values, the verified scores Vs is determined and com- 
pared with the threshold value Th. If Vs > Th the core 
server issues (52) an acceptance signal and enables 
(54) access. If Vs £ Th the core server either issues a 
refusal or starts a retry (53) depending on how the latter 
is configurated. 

[0045] If the core server is configurated for starting a 
retry operation it will generate a control signal in order 
to start such a retry operation. Under control of such a 
control signal the weight factors a, p or y can then be 
adjusted and further weight factors factors a', p f and y 
are generated. This adjustment is for example done by 
taking into account the score values and/or the client 
feature. If for example the client feature indicates that 
the concerned user has a poor voice quality, the weight 
factor a is reduced for example by 25 % and the others 
are increased in order to satisfy the criteria a + p + y = 
1 . On the other if the score of the face is for example 
excellent, i.e. substantially higher than the threshold Th f 
for the face, and the one of the voice is normal whereas 
the one of the fingerprint is bad, for example because 
the finger is injured or burned, the core server can de- 
cide to lower y and increase p. The core server then de- 
termines again Vs by using the further weight factors 
and not necessarily by starting a new authentication 
process. If Vs > Th an acceptance signal is generated, 
if not again a retry (53) can be generated or the process 
is stopped. 

[0046] The original aspect of the present device is 
thus to move the decision to verify and/or identify a user 
out of the several single bio-engines and to let them op- 
erate as slaves of a decision unit where the final decision 
is taken based on weighted individual scores. The bio- 
engine as such can no longer alone decide to accept or 
reject, because their score value is no longer individually 
checked against a threshold value. Only the verified 
score, such as obtained and processed by the decision 
unit, can decide on accept or reject. 
[0047] If the device comprise a self learning module 
33, the latter is informed by the core server 24 if a bio- 
engine issues a very high score. This signifies that prob- 
ably the life biometric data is of exceptional quality. To 
that purpose the core server for example generates a 
second control signal when the score of the considered 
bio-engine is higher than a further threshold value which 
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is for example 20 % higher than the threshold of that 
bio-engine. The self learning module will then ask the 
module manager to furnish this life biometric data and 
will substitute the template stored in the database by this 
life biometric data which will now form the biometric tern- s 
plate. 

[0048] If the device comprises an environmental mod- 
ule 34, the information generated by that module is fur- 
nished to the core server under control of a trigger signal 
generated by that module. The core server is then pro- 10 
vided to modify the weight factors a, p and y in function 
of the received information and under control of the trig- 
ger signal. For example if a heavy background noise is 
detected, the dB meter will indicate a high value and the 
core server can decrease the value of a depending on is 
the measured dB value. 

Claims 

20 

1 . A biometric authentication device provided for man- 
aging access to at least one entity, said device be- 
ing operatively connectable to a database provided 
for storing biometric templates, said device com- 
prising a set of bio-engines each having an input for 25 
receiving said biometric templates and life biometric 
data originating from a data capture unit provided 

to collect life biometric data, each of said bio-en- 
gines being provided for performing a dedicated bi- 
ometric authentication operation with said biometric 30 
templates and said life biometric data and for gen- 
erating a score as a result of said authentication op- 
eration, characterized in that said device comprises 
a decision unit connected to said bio-engines and 
operating according to a master-slave relationship, 35 
wherein said decision unit being the master, said 
decision unit being provided for receiving each of 
said scores and for assigning a respective weight 
factor to each of said scores and forming a set of 
weighted scores therewith, said decision unit being 40 
further provided for combining said weighted scores 
and generating a verified score therewith, said de- 
cision unit being also provided for comparing said 
verified score with a threshold value and for gener- 
ating an access enable signal as a result of a pos- 
itive comparison and an access refusal signal as a 
result of a negative comparison. 

2. A biometric authentication device as claimed in 
claim 1 , characterized in that the decision unit is so 
connected with a first bio-decision engine, which is 
provided for executing a serial combinatorial oper- 
ation with the scores generated by at least one of 
said bio-engines, said first bio-decision engine be- 
ing provided to operate as a slave from said deci- ss 
sion unit. 

3. A biometric authentication device as claimed in 



claim 1 or 2, characterized in that the decision unit 
is connected with a second bio-decision engine, 
which is provided for executing a parallel combina- 
torial operation with the scores generated by at 
least one of said bio-engines, said second bio-de- 
cision engine being provided to operate as a slave 
from said decision unit. 

4. A biometric authentication device as claimed in an- 
yone of the claims 1 to 3, characterized in that said 
decision unit is provided for generating a control sig- 
nal when said verified score is below said threshold, 
said decision unit being further provided for deter- 
mining a set of further weight factors under control 
of said control signal and assigning them to said 
scores and generating a further verified score there- 
with. 

5. A biometric authentication device as claimed in 
claim 4, characterized in that said further weight fac- 
tors and said weight factors each time satisfy a pre- 
determined relationship. 

6. A biometric authentication device as claimed in an- 
yone of the claims 1 to 5, characterized in that said 
decision unit comprises a core server which is pro- 
vided for generating said verified score and execut- 
ing said comparison. 

7. A biometric authentication device as claimed in 
claim 6, characterized in that said decision unit 
comprises a module manager which is provided for 
managing data traffic between said bio-engines and 
said core server. 

8. A biometric authentication device as claimed in 
claim 2 and 6 or 3 and 6, characterized in that said 
decision unit comprises a module manager, which 
is provided for managing data traffic between said 
bio-decision engine and said core server. 

9. A biometric authentication device as claimed in an- 
yone of the claims 1 to 8, characterized in that said 
data capture unit is connected to an interface to 
which a feature module is connected, said feature 
module being provided for input of client dedicated 
features. 

10. A biometric authentication device as claimed in an- 
yone of the claims 1 to 9, characterized in that said 
biometric templates are stored on a memory formed 
by either a smartcard, a harddisk, a EE PROM or a 
flash memory. 

11 . A biometric authentication device as claimed in an- 
yone of the claims 1 to 1 0, characterized in that said 
device comprises an interface having an input for 
receiving said life biometric data from said data cap- 
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ture unit, said interface being provided to format 
said life biometric data according to a predeter- 
mined format. 

12. A biometric authentication device as claimed in an- s 
yone of the claims 1 to 11 , characterized is that said 
decision unit is connected to a self learning module 
which is provided for substituting into said database 

a biometric template by a life biometric data under 
control of a second control signal generated by said 10 
decision unit upon detection of a score issued by a 
bio-engine which is higher than a further predeter- 
mined threshold value. 

1 3. A biometric authentication device as claimed in an- is 
yone of the claims 1 to 1 2, characterized in that said 
decision unit is connected to an environmental 
module which is provided for generating a trigger 
signal, said decision unit being provided to modify 
the weight factors under control of said trigger sig- 20 
nal. 
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Fig. 7 
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